OpenSSL 函数
在线手册:中文 英文
PHP手册

openssl_pkcs12_export_to_file

(PHP 5 >= 5.2.2)

openssl_pkcs12_export_to_fileExports a PKCS#12 Compatible Certificate Store File

说明

bool openssl_pkcs12_export_to_file ( mixed $x509 , string $filename , mixed $priv_key , string $pass [, array $args ] )

openssl_pkcs12_export_to_file() stores x509 into a file named by filename in a PKCS#12 file format.

参数

x509

参见密钥/证书参数以获取有效值列表。

filename

Path to the output file.

priv_key

Private key component of PKCS#12 file.

pass

Encryption password for unlocking the PKCS#12 file.

args

返回值

成功时返回 TRUE, 或者在失败时返回 FALSE.


OpenSSL 函数
在线手册:中文 英文
PHP手册
PHP手册 - N: Exports a PKCS#12 Compatible Certificate Store File

用户评论:

jaunakaste at inbox dot lv (03-Feb-2012 08:34)

Documentation needs to more detailed description!

The source problem was (similar to this: http://www.phpbuilder.com/board/showthread.php?t=10321977)

$exestr = "openssl pkcs12 -export -in TEST.crt -inkey MY_PRIVATE_KEY -certfile MY_CA_CERT -name blablabla -passin pass:MYPASS -passout pass:MYPASS -out TMPCERT";

that there it is possible to define "-certfile MY_CA_CERT", but not any hint how to do it with this function.

So I used to generate p12 files with openssl console tool, but once it got necessary to do that with PHP, there i spent a lot of hours, to figure out this info:

Here is example:

$args = array(
               'extracerts' => $CAcert,
               'friendly_name' => 'My {ID} CA signed certificate'
              );
openssl_pkcs12_export($signed_csr, $cerificate_out, $private_key_resource, $passphrase, $args);

the $CAcert param, can be only string with PEM format certificate (not path, like it said in previous comment).

lampacz at gmail dot com (02-Jul-2009 09:13)

[, array $args ]  can contain only: extracerts, friendly_name

extracerts - additional certificates (can be file or string)
friendly_name - "friendly name" for the certificate and private key. This name is typically displayed in list boxes by software importing the file.

based on source code version 5.2.8 and pkcs12 man page